AWS 网络设计中的权衡管理艺术.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.N E T 3 1 5The Art of Managing Trade-Offs for your AWS Network DesignYusraa Djaafer(She/her)Solutions ArchitectAmazon Web ServicesYashar Araghi(He/him)Solutions Arch

2、itectAmazon Web Services 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.What do we mean by Trade-Offs?2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.012345678910SecurityPerformanceScalabilityOperationsCostHigh AvailabilityDesign Pillars 2025,Amazon Web Service

3、s,Inc.or its affiliates.All rights reserved.Performance vs.Cost Scalability vs.ComplexityHigh Availability vs.CostScalability vs.Operational efficiencyArchitecture Trade-Offs“Security is always top priority!”2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AgendaTraffic InspectionC

4、entralizedDistributedIngress/Egress PatternsAWS Transit Gateway&Cloud WANTraffic Inspection Hybrid ConnectivityScaling Hybrid SegmentationMicroservices communicationTGW vs.VPC Lattice Connectivity options 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc

5、.or its affiliates.All rights reserved.Traffic Inspection-Centralized 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AWS RegionWorkload VPCInspection/Egress VPCOn-premises NetworkSpoke Route TableFirewall Route TableAWS Direct Connect/VPNWorkload VPCWorkload VPCAWS Transit Gatewa

6、y 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Inspection/Egress VPCAvailability Zone ATGW subnetNAT Gateway subnetCentralized Inspection with AWS Network FirewallANF Endpoint subnetWorkload VPCWorkload VPC 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Insp